Penetration Tester

Terra Security provides agentic AI-powered continuous penetration testing aligned to code changes and evolving attack surfaces, combining a swarm of trained AI agents with human supervision for safety and control. Fortune 500 organizations trust Terra to ensure every attack surface is covered across the web, AI, internal apps, APIs, mobile, networks, and the cloud.

Terra is on track to become the next breakout cybersecurity company with $38 million raised to date, including a $30 million Series A led by Felicis Ventures with participation from Dell Technologies Capital, Silicon Valley CISO Investments (SVCI), SYN Ventures, LAMA Partners, Underscore VC, and Capital One Ventures.

Summary 

As a Penetration Tester, you will be a founding member of our new European penetration testing team. You will work at the intersection of traditional ethical hacking and cutting-edge AI, providing the "human-in-the-loop" expertise that ensures our autonomous agents remain accurate, creative, and devastatingly effective. This is an opportunity to move beyond standard "checkbox" pentesting and into the future of automated, exploit-driven security.

What You’ll Do

• Perform deep-dive penetration tests on Web Applications and APIs, identifying complex vulnerabilities that automated tools often miss.
• Work alongside our AI agent swarm, providing manual verification, oversight, and creative exploitation logic to enhance the platform’s performance.
• Research and develop new exploitation techniques to keep our platform ahead of emerging threats and unique business logic risks.
• Translate technical vulnerabilities into clear, high-quality security reports that provide actionable remediation guidance for our customers.
• Contribute to the methodologies and workflows of our growing European hub, collaborating with global teams to maintain a "best-in-class" testing standard.

Requirements

• 3+ years of hands-on experience specifically in Web Application and API Penetration Testing.
• A strong understanding of common attack methodologies, exploitation techniques, and the OWASP Top 10.
• Proficiency with networking protocols (TCP/HTTP) and a solid grasp of client-side and server-side languages.
• Practical expertise with Burp Suite, Caido, and other industry-standard security testing utilities.
• The ability to write clear, professional security reports that balance technical depth with remediation clarity.
• High-level English proficiency (fluent in reading, writing, and speaking).

Advantage

• Experience with Python, Go, or Bash to automate repetitive testing tasks.
• Holdings such as OSCP, OSWA, OSWE, or equivalent.
• Familiarity with testing in AWS, Azure, or GCP environments.
• Interest in or experience with using AI/LLMs to enhance security workflows.